Online Virus Checker | v.1.0.170.174 |
DB Version: | 2024-03-31 23:00:28 |
RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.
File | setuppopcon .exe |
Checked | 2024-03-31 20:55:59 |
MD5 | 8fbdd0dc15e800dfdec30b5ee5201eca |
SHA1 | 4e8af1bbea3505603c1ae37d20f6bf7436cdd44d |
SHA256 | 0d5caf9c9e0da55980cda1dd5d9f3f95a8d1b12b0992030b995f49ce54b31f6c |
SHA512 | c0b5146f425886b73301f0b2ca7fd6488cecca28b039e54ca6082b37e71dc814e0f82dec0dc74cae11cce833805a53a6b6690a5392a04a7d26b7d105841d41c3 |
Imphash | 646167cce332c1c252cdcb1839e0cf48 |
File Size | 26944496 bytes |
Gridinsoft has the capability to identify and eliminate Spy.Win32.Redline.lu!heur without requiring further user intervention.
CompanyName | Microsoft Corporation |
FileDescription | Win32 Cabinet Self-Extractor |
FileVersion | 11.00.22621.1 (WinBuild.160101.0800) |
InternalName | Wextract |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | WEXTRACT.EXE .MUI |
ProductName | Internet Explorer |
ProductVersion | 11.00.22621.1 |
Translation | 0x0409 0x04b0 |
CompanyName | Microsoft Corporation |
FileDescription | Win32 Cabinet Self-Extractor |
FileVersion | 11.00.22621.1554 (WinBuild.160101.0800) |
InternalName | Wextract |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | WEXTRACT.EXE .MUI |
ProductName | Internet Explorer |
ProductVersion | 11.00.22621.1554 |
Translation | 0x0809 0x04b0 |
3e91cc67e146308239c15a39134ff14e 2e2cf0d16805fb9dfdfc9b2658485b99 f0f0f4d8c8c8d8f0 |
|
Image Base: | 0x00400000 |
Entry Point: | 0x00406d50 |
Compilation: | 2059-08-08 23:27:35 |
Checksum: | 0x019bbdaa (Actual: 0x019bbdaa) |
OS Version: | 10.0 |
PDB Path: | wextract.pdb |
PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
Sign: | Chain verification from C=IE, [email protected], OU=Group Management, O=Know Your Customer Limited, CN=Claus Christensen (serial:-365698119444313454430775, sha1:504c13d2d98adecfc41cc61dc7dc9c4ce5f23091) failed: The X.509 certificate provided is self-signed - "Common Name: Claus Christensen, Organization: Know Your Customer Limited, Organizational Unit: Group Management, Email Address: [email protected], Country: IE" |
Sections: | 5 |
Imports: | ADVAPI32, KERNEL32, GDI32, USER32, msvcrt, COMCTL32, Cabinet, VERSION, |
Exports: | 0 |
Resources: | 56 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0000669c | 0x00006800 | 8efccde25b9e492cde40b5ef253cf7a7 | 6.27 |
.data | 0x00008000 | 0x00001aa0 | 0x00000200 | 7b9890a93c0516bb070e1170cfde54d5 | 4.97 |
.idata | 0x0000a000 | 0x00001056 | 0x00001200 | 8fa33e292b5a9d9dcf9cf67d5c955b3d | 5.04 |
.rsrc | 0x0000c000 | 0x019a8000 | 0x019a7c00 | ba95cdebc2f40ca51ada3794eaf184e2 | 8.00 |
.reloc | 0x019b4000 | 0x00000888 | 0x00000a00 | 0e9fae0fc18f3412188d18fc97b6fc55 | 6.27 |